httpd-dev mailing list archives

Hi,
Currently the configuration directive AuthUserFile is taken as relative to
the ServerRoot. Well, in an virtual hosting setup where none of my users has
access to the ServerRoot, this is not really useful. I'd rather have it
relative to the document root or the directory of the .htaccess file.
I think making this relative to the server root was designed to support
people keeping the .htpasswd files out of the document root so that they
can't be downloaded. But this can just as easily done by denying access to
.htpasswd just like .htaccess for all users, which is what I intend to do.
Oh, and if AuthUserFile is changed, then AuthGroupFile should also be
changed.
Are others interested in seeing this change made? Does changing this sound
possible? Any thoughts?
References:
http://www.apache.org/docs/mod/mod_auth.html#authuserfile
Thanks for reading this request!
- David Harris
Principal Engineer, DRH Internet Services